aws-sdk-iam 1.10.0 → 1.11.0

data/lib/aws-sdk-iam/client_api.rb

@@ -28,6 +28,8 @@ module Aws::IAM
     BootstrapDatum = Shapes::BlobShape.new(name: 'BootstrapDatum')
     ChangePasswordRequest = Shapes::StructureShape.new(name: 'ChangePasswordRequest')
     ColumnNumber = Shapes::IntegerShape.new(name: 'ColumnNumber')
+    ConcurrentModificationException = Shapes::StructureShape.new(name: 'ConcurrentModificationException')
+    ConcurrentModificationMessage = Shapes::StringShape.new(name: 'ConcurrentModificationMessage')
     ContextEntry = Shapes::StructureShape.new(name: 'ContextEntry')
     ContextEntryListType = Shapes::ListShape.new(name: 'ContextEntryListType')
     ContextKeyNameType = Shapes::StringShape.new(name: 'ContextKeyNameType')
@@ -190,6 +192,8 @@ module Aws::IAM
     ListPolicyVersionsResponse = Shapes::StructureShape.new(name: 'ListPolicyVersionsResponse')
     ListRolePoliciesRequest = Shapes::StructureShape.new(name: 'ListRolePoliciesRequest')
     ListRolePoliciesResponse = Shapes::StructureShape.new(name: 'ListRolePoliciesResponse')
+    ListRoleTagsRequest = Shapes::StructureShape.new(name: 'ListRoleTagsRequest')
+    ListRoleTagsResponse = Shapes::StructureShape.new(name: 'ListRoleTagsResponse')
     ListRolesRequest = Shapes::StructureShape.new(name: 'ListRolesRequest')
     ListRolesResponse = Shapes::StructureShape.new(name: 'ListRolesResponse')
     ListSAMLProvidersRequest = Shapes::StructureShape.new(name: 'ListSAMLProvidersRequest')
@@ -204,6 +208,8 @@ module Aws::IAM
     ListSigningCertificatesResponse = Shapes::StructureShape.new(name: 'ListSigningCertificatesResponse')
     ListUserPoliciesRequest = Shapes::StructureShape.new(name: 'ListUserPoliciesRequest')
     ListUserPoliciesResponse = Shapes::StructureShape.new(name: 'ListUserPoliciesResponse')
+    ListUserTagsRequest = Shapes::StructureShape.new(name: 'ListUserTagsRequest')
+    ListUserTagsResponse = Shapes::StructureShape.new(name: 'ListUserTagsResponse')
     ListUsersRequest = Shapes::StructureShape.new(name: 'ListUsersRequest')
     ListUsersResponse = Shapes::StructureShape.new(name: 'ListUsersResponse')
     ListVirtualMFADevicesRequest = Shapes::StructureShape.new(name: 'ListVirtualMFADevicesRequest')
@@ -286,8 +292,13 @@ module Aws::IAM
     SimulationPolicyListType = Shapes::ListShape.new(name: 'SimulationPolicyListType')
     Statement = Shapes::StructureShape.new(name: 'Statement')
     StatementListType = Shapes::ListShape.new(name: 'StatementListType')
+    Tag = Shapes::StructureShape.new(name: 'Tag')
+    TagRoleRequest = Shapes::StructureShape.new(name: 'TagRoleRequest')
+    TagUserRequest = Shapes::StructureShape.new(name: 'TagUserRequest')
     UnmodifiableEntityException = Shapes::StructureShape.new(name: 'UnmodifiableEntityException')
     UnrecognizedPublicKeyEncodingException = Shapes::StructureShape.new(name: 'UnrecognizedPublicKeyEncodingException')
+    UntagRoleRequest = Shapes::StructureShape.new(name: 'UntagRoleRequest')
+    UntagUserRequest = Shapes::StructureShape.new(name: 'UntagUserRequest')
     UpdateAccessKeyRequest = Shapes::StructureShape.new(name: 'UpdateAccessKeyRequest')
     UpdateAccountPasswordPolicyRequest = Shapes::StructureShape.new(name: 'UpdateAccountPasswordPolicyRequest')
     UpdateAssumeRolePolicyRequest = Shapes::StructureShape.new(name: 'UpdateAssumeRolePolicyRequest')
@@ -407,6 +418,10 @@ module Aws::IAM
     summaryKeyType = Shapes::StringShape.new(name: 'summaryKeyType')
     summaryMapType = Shapes::MapShape.new(name: 'summaryMapType')
     summaryValueType = Shapes::IntegerShape.new(name: 'summaryValueType')
+    tagKeyListType = Shapes::ListShape.new(name: 'tagKeyListType')
+    tagKeyType = Shapes::StringShape.new(name: 'tagKeyType')
+    tagListType = Shapes::ListShape.new(name: 'tagListType')
+    tagValueType = Shapes::StringShape.new(name: 'tagValueType')
     thumbprintListType = Shapes::ListShape.new(name: 'thumbprintListType')
     thumbprintType = Shapes::StringShape.new(name: 'thumbprintType')
     unmodifiableEntityMessage = Shapes::StringShape.new(name: 'unmodifiableEntityMessage')
@@ -546,6 +561,7 @@ module Aws::IAM
     CreateRoleRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
     CreateRoleRequest.add_member(:assume_role_policy_document, Shapes::ShapeRef.new(shape: policyDocumentType, required: true, location_name: "AssumeRolePolicyDocument"))
     CreateRoleRequest.add_member(:description, Shapes::ShapeRef.new(shape: roleDescriptionType, location_name: "Description"))
+    CreateRoleRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
     CreateRoleRequest.add_member(:max_session_duration, Shapes::ShapeRef.new(shape: roleMaxSessionDurationType, location_name: "MaxSessionDuration"))
     CreateRoleRequest.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: arnType, location_name: "PermissionsBoundary"))
     CreateRoleRequest.struct_class = Types::CreateRoleRequest
@@ -577,6 +593,7 @@ module Aws::IAM
 
     CreateUserRequest.add_member(:path, Shapes::ShapeRef.new(shape: pathType, location_name: "Path"))
     CreateUserRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "UserName"))
+    CreateUserRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
     CreateUserRequest.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: arnType, location_name: "PermissionsBoundary"))
     CreateUserRequest.struct_class = Types::CreateUserRequest
 
@@ -1055,6 +1072,16 @@ module Aws::IAM
     ListRolePoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
     ListRolePoliciesResponse.struct_class = Types::ListRolePoliciesResponse
 
+    ListRoleTagsRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
+    ListRoleTagsRequest.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListRoleTagsRequest.add_member(:max_items, Shapes::ShapeRef.new(shape: maxItemsType, location_name: "MaxItems"))
+    ListRoleTagsRequest.struct_class = Types::ListRoleTagsRequest
+
+    ListRoleTagsResponse.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, required: true, location_name: "Tags"))
+    ListRoleTagsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
+    ListRoleTagsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListRoleTagsResponse.struct_class = Types::ListRoleTagsResponse
+
     ListRolesRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathPrefixType, location_name: "PathPrefix"))
     ListRolesRequest.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
     ListRolesRequest.add_member(:max_items, Shapes::ShapeRef.new(shape: maxItemsType, location_name: "MaxItems"))
@@ -1117,6 +1144,16 @@ module Aws::IAM
     ListUserPoliciesResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
     ListUserPoliciesResponse.struct_class = Types::ListUserPoliciesResponse
 
+    ListUserTagsRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
+    ListUserTagsRequest.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListUserTagsRequest.add_member(:max_items, Shapes::ShapeRef.new(shape: maxItemsType, location_name: "MaxItems"))
+    ListUserTagsRequest.struct_class = Types::ListUserTagsRequest
+
+    ListUserTagsResponse.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, required: true, location_name: "Tags"))
+    ListUserTagsResponse.add_member(:is_truncated, Shapes::ShapeRef.new(shape: booleanType, location_name: "IsTruncated"))
+    ListUserTagsResponse.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
+    ListUserTagsResponse.struct_class = Types::ListUserTagsResponse
+
     ListUsersRequest.add_member(:path_prefix, Shapes::ShapeRef.new(shape: pathPrefixType, location_name: "PathPrefix"))
     ListUsersRequest.add_member(:marker, Shapes::ShapeRef.new(shape: markerType, location_name: "Marker"))
     ListUsersRequest.add_member(:max_items, Shapes::ShapeRef.new(shape: maxItemsType, location_name: "MaxItems"))
@@ -1294,6 +1331,7 @@ module Aws::IAM
     Role.add_member(:create_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "CreateDate"))
     Role.add_member(:assume_role_policy_document, Shapes::ShapeRef.new(shape: policyDocumentType, location_name: "AssumeRolePolicyDocument"))
     Role.add_member(:description, Shapes::ShapeRef.new(shape: roleDescriptionType, location_name: "Description"))
+    Role.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
     Role.add_member(:max_session_duration, Shapes::ShapeRef.new(shape: roleMaxSessionDurationType, location_name: "MaxSessionDuration"))
     Role.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: AttachedPermissionsBoundary, location_name: "PermissionsBoundary"))
     Role.struct_class = Types::Role
@@ -1307,6 +1345,7 @@ module Aws::IAM
     RoleDetail.add_member(:instance_profile_list, Shapes::ShapeRef.new(shape: instanceProfileListType, location_name: "InstanceProfileList"))
     RoleDetail.add_member(:role_policy_list, Shapes::ShapeRef.new(shape: policyDetailListType, location_name: "RolePolicyList"))
     RoleDetail.add_member(:attached_managed_policies, Shapes::ShapeRef.new(shape: attachedPoliciesListType, location_name: "AttachedManagedPolicies"))
+    RoleDetail.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
     RoleDetail.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: AttachedPermissionsBoundary, location_name: "PermissionsBoundary"))
     RoleDetail.struct_class = Types::RoleDetail
 
@@ -1422,6 +1461,26 @@ module Aws::IAM
 
     StatementListType.member = Shapes::ShapeRef.new(shape: Statement)
 
+    Tag.add_member(:key, Shapes::ShapeRef.new(shape: tagKeyType, required: true, location_name: "Key"))
+    Tag.add_member(:value, Shapes::ShapeRef.new(shape: tagValueType, required: true, location_name: "Value"))
+    Tag.struct_class = Types::Tag
+
+    TagRoleRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
+    TagRoleRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, required: true, location_name: "Tags"))
+    TagRoleRequest.struct_class = Types::TagRoleRequest
+
+    TagUserRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
+    TagUserRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, required: true, location_name: "Tags"))
+    TagUserRequest.struct_class = Types::TagUserRequest
+
+    UntagRoleRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: roleNameType, required: true, location_name: "RoleName"))
+    UntagRoleRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: tagKeyListType, required: true, location_name: "TagKeys"))
+    UntagRoleRequest.struct_class = Types::UntagRoleRequest
+
+    UntagUserRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, required: true, location_name: "UserName"))
+    UntagUserRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: tagKeyListType, required: true, location_name: "TagKeys"))
+    UntagUserRequest.struct_class = Types::UntagUserRequest
+
     UpdateAccessKeyRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: existingUserNameType, location_name: "UserName"))
     UpdateAccessKeyRequest.add_member(:access_key_id, Shapes::ShapeRef.new(shape: accessKeyIdType, required: true, location_name: "AccessKeyId"))
     UpdateAccessKeyRequest.add_member(:status, Shapes::ShapeRef.new(shape: statusType, required: true, location_name: "Status"))
@@ -1532,6 +1591,7 @@ module Aws::IAM
     User.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn"))
     User.add_member(:create_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "CreateDate"))
     User.add_member(:password_last_used, Shapes::ShapeRef.new(shape: dateType, location_name: "PasswordLastUsed"))
+    User.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
     User.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: AttachedPermissionsBoundary, location_name: "PermissionsBoundary"))
     User.struct_class = Types::User
 
@@ -1543,6 +1603,7 @@ module Aws::IAM
     UserDetail.add_member(:user_policy_list, Shapes::ShapeRef.new(shape: policyDetailListType, location_name: "UserPolicyList"))
     UserDetail.add_member(:group_list, Shapes::ShapeRef.new(shape: groupNameListType, location_name: "GroupList"))
     UserDetail.add_member(:attached_managed_policies, Shapes::ShapeRef.new(shape: attachedPoliciesListType, location_name: "AttachedManagedPolicies"))
+    UserDetail.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
     UserDetail.add_member(:permissions_boundary, Shapes::ShapeRef.new(shape: AttachedPermissionsBoundary, location_name: "PermissionsBoundary"))
     UserDetail.struct_class = Types::UserDetail
 
@@ -1592,6 +1653,10 @@ module Aws::IAM
     summaryMapType.key = Shapes::ShapeRef.new(shape: summaryKeyType)
     summaryMapType.value = Shapes::ShapeRef.new(shape: summaryValueType)
 
+    tagKeyListType.member = Shapes::ShapeRef.new(shape: tagKeyType)
+
+    tagListType.member = Shapes::ShapeRef.new(shape: Tag)
+
     thumbprintListType.member = Shapes::ShapeRef.new(shape: thumbprintType)
 
     userDetailListType.member = Shapes::ShapeRef.new(shape: UserDetail)
@@ -1815,6 +1880,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
         o.errors << Shapes::ShapeRef.new(shape: EntityAlreadyExistsException)
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -1862,6 +1928,8 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: EntityAlreadyExistsException)
         o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -2015,6 +2083,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: DeleteConflictException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: UnmodifiableEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -2114,6 +2183,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
         o.errors << Shapes::ShapeRef.new(shape: DeleteConflictException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 
@@ -2713,6 +2783,16 @@ module Aws::IAM
         )
       end)
 
+      api.add_operation(:list_role_tags, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListRoleTags"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListRoleTagsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListRoleTagsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
       api.add_operation(:list_roles, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListRoles"
         o.http_method = "POST"
@@ -2814,6 +2894,16 @@ module Aws::IAM
         )
       end)
 
+      api.add_operation(:list_user_tags, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListUserTags"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListUserTagsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListUserTagsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
       api.add_operation(:list_users, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListUsers"
         o.http_method = "POST"
@@ -3009,6 +3099,54 @@ module Aws::IAM
         )
       end)
 
+      api.add_operation(:tag_role, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "TagRole"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: TagRoleRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
+      api.add_operation(:tag_user, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "TagUser"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: TagUserRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
+      api.add_operation(:untag_role, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UntagRole"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: UntagRoleRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
+      api.add_operation(:untag_user, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UntagUser"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: UntagUserRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+      end)
+
       api.add_operation(:update_access_key, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateAccessKey"
         o.http_method = "POST"
@@ -3166,6 +3304,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: EntityAlreadyExistsException)
         o.errors << Shapes::ShapeRef.new(shape: EntityTemporarilyUnmodifiableException)
+        o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
       end)
 

data/lib/aws-sdk-iam/current_user.rb

@@ -101,6 +101,18 @@ module Aws::IAM
       data[:password_last_used]
     end
 
+    # A list of tags that are associated with the specified user. For more
+    # information about tagging, see [Tagging IAM Identities][1] in the *IAM
+    # User Guide*.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    # @return [Array<Types::Tag>]
+    def tags
+      data[:tags]
+    end
+
     # The ARN of the policy used to set the permissions boundary for the
     # user.
     #

data/lib/aws-sdk-iam/resource.rb

@@ -344,6 +344,12 @@ module Aws::IAM
     #     role_name: "roleNameType", # required
     #     assume_role_policy_document: "policyDocumentType", # required
     #     description: "roleDescriptionType",
+    #     tags: [
+    #       {
+    #         key: "tagKeyType", # required
+    #         value: "tagValueType", # required
+    #       },
+    #     ],
     #     max_session_duration: 1,
     #     permissions_boundary: "arnType",
     #   })
@@ -401,6 +407,21 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     # @option options [String] :description
     #   A description of the role.
+    # @option options [Array<Types::Tag>] :tags
+    #   A list of tags that you want to attach to the newly created role. Each
+    #   tag consists of a key name and an associated value. For more
+    #   information about tagging, see [Tagging IAM Identities][1] in the *IAM
+    #   User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
+    #   of tags per role, then the entire request fails and the role is not
+    #   created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
     # @option options [Integer] :max_session_duration
     #   The maximum session duration (in seconds) that you want to set for the
     #   specified role. If you do not specify a value for this setting, the
@@ -635,6 +656,12 @@ module Aws::IAM
     #   user = iam.create_user({
     #     path: "pathType",
     #     user_name: "userNameType", # required
+    #     tags: [
+    #       {
+    #         key: "tagKeyType", # required
+    #         value: "tagValueType", # required
+    #       },
+    #     ],
     #     permissions_boundary: "arnType",
     #   })
     # @param [Hash] options ({})
@@ -668,6 +695,21 @@ module Aws::IAM
     #
     #
     #   [1]: http://wikipedia.org/wiki/regex
+    # @option options [Array<Types::Tag>] :tags
+    #   A list of tags that you want to attach to the newly created user. Each
+    #   tag consists of a key name and an associated value. For more
+    #   information about tagging, see [Tagging IAM Identities][1] in the *IAM
+    #   User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed number
+    #   of tags per user, then the entire request fails and the user is not
+    #   created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
     # @option options [String] :permissions_boundary
     #   The ARN of the policy that is used to set the permissions boundary for
     #   the user.

data/lib/aws-sdk-iam/role.rb

@@ -89,6 +89,18 @@ module Aws::IAM
       data[:description]
     end
 
+    # A list of tags that are attached to the specified role. For more
+    # information about tagging, see [Tagging IAM Identities][1] in the *IAM
+    # User Guide*.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    # @return [Array<Types::Tag>]
+    def tags
+      data[:tags]
+    end
+
     # The maximum session duration (in seconds) for the specified role.
     # Anyone who uses the AWS CLI or API to assume the role can specify the
     # duration using the optional `DurationSeconds` API parameter or

data/lib/aws-sdk-iam/types.rb

@@ -1076,6 +1076,12 @@ module Aws::IAM
     #         role_name: "roleNameType", # required
     #         assume_role_policy_document: "policyDocumentType", # required
     #         description: "roleDescriptionType",
+    #         tags: [
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
     #         max_session_duration: 1,
     #         permissions_boundary: "arnType",
     #       }
@@ -1141,6 +1147,23 @@ module Aws::IAM
     #   A description of the role.
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the newly created role.
+    #   Each tag consists of a key name and an associated value. For more
+    #   information about tagging, see [Tagging IAM Identities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   number of tags per role, then the entire request fails and the role
+    #   is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @!attribute [rw] max_session_duration
     #   The maximum session duration (in seconds) that you want to set for
     #   the specified role. If you do not specify a value for this setting,
@@ -1176,6 +1199,7 @@ module Aws::IAM
       :role_name,
       :assume_role_policy_document,
       :description,
+      :tags,
       :max_session_duration,
       :permissions_boundary)
       include Aws::Structure
@@ -1263,9 +1287,20 @@ module Aws::IAM
     #       }
     #
     # @!attribute [rw] aws_service_name
-    #   The AWS service to which this role is attached. You use a string
-    #   similar to a URL but without the http:// in front. For example:
-    #   `elasticbeanstalk.amazonaws.com`
+    #   The service principal for the AWS service to which this role is
+    #   attached. You use a string similar to a URL but without the http://
+    #   in front. For example: `elasticbeanstalk.amazonaws.com`.
+    #
+    #   Service principals are unique and case-sensitive. To find the exact
+    #   service principal for your service-linked role, see [AWS Services
+    #   That Work with IAM][1] in the *IAM User Guide* and look for the
+    #   services that have <b>Yes </b>in the **Service-Linked Role** column.
+    #   Choose the **Yes** link to view the service-linked role
+    #   documentation for that service.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -1273,12 +1308,16 @@ module Aws::IAM
     #   @return [String]
     #
     # @!attribute [rw] custom_suffix
-    #   A string that you provide, which is combined with the service name
-    #   to form the complete role name. If you make multiple requests for
-    #   the same service, then you must supply a different `CustomSuffix`
-    #   for each request. Otherwise the request fails with a duplicate role
-    #   name error. For example, you could add `-1` or `-debug` to the
-    #   suffix.
+    #   A string that you provide, which is combined with the
+    #   service-provided prefix to form the complete role name. If you make
+    #   multiple requests for the same service, then you must supply a
+    #   different `CustomSuffix` for each request. Otherwise the request
+    #   fails with a duplicate role name error. For example, you could add
+    #   `-1` or `-debug` to the suffix.
+    #
+    #   Some services do not support the `CustomSuffix` parameter. If you
+    #   provide an optional suffix and the operation fails, try the
+    #   operation again without the suffix.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateServiceLinkedRoleRequest AWS API Documentation
@@ -1361,6 +1400,12 @@ module Aws::IAM
     #       {
     #         path: "pathType",
     #         user_name: "userNameType", # required
+    #         tags: [
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
     #         permissions_boundary: "arnType",
     #       }
     #
@@ -1399,6 +1444,23 @@ module Aws::IAM
     #   [1]: http://wikipedia.org/wiki/regex
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that you want to attach to the newly created user.
+    #   Each tag consists of a key name and an associated value. For more
+    #   information about tagging, see [Tagging IAM Identities][1] in the
+    #   *IAM User Guide*.
+    #
+    #   <note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
+    #   number of tags per user, then the entire request fails and the user
+    #   is not created.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @!attribute [rw] permissions_boundary
     #   The ARN of the policy that is used to set the permissions boundary
     #   for the user.
@@ -1409,6 +1471,7 @@ module Aws::IAM
     class CreateUserRequest < Struct.new(
       :path,
       :user_name,
+      :tags,
       :permissions_boundary)
       include Aws::Structure
     end
@@ -5289,6 +5352,88 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListRoleTagsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         role_name: "roleNameType", # required
+    #         marker: "markerType",
+    #         max_items: 1,
+    #       }
+    #
+    # @!attribute [rw] role_name
+    #   The name of the IAM role for which you want to see the list of tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: \_+=,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response to indicate
+    #   where the next call should start.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_items
+    #   (Optional) Use this only when paginating results to indicate the
+    #   maximum number of items that you want in the response. If additional
+    #   items exist beyond the maximum that you specify, the `IsTruncated`
+    #   response element is `true`.
+    #
+    #   If you do not include this parameter, it defaults to 100. Note that
+    #   IAM might return fewer results, even when more results are
+    #   available. In that case, the `IsTruncated` response element returns
+    #   `true`, and `Marker` contains a value to include in the subsequent
+    #   call that tells the service where to continue from.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRoleTagsRequest AWS API Documentation
+    #
+    class ListRoleTagsRequest < Struct.new(
+      :role_name,
+      :marker,
+      :max_items)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] tags
+    #   The list of tags currently that is attached to the role. Each tag
+    #   consists of a key name and an associated value. If no tags are
+    #   attached to the specified role, the response contains an empty list.
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] is_truncated
+    #   A flag that indicates whether there are more items to return. If
+    #   your results were truncated, you can use the `Marker` request
+    #   parameter to make a subsequent pagination request that retrieves
+    #   more items. Note that IAM might return fewer than the `MaxItems`
+    #   number of results even when more results are available. Check
+    #   `IsTruncated` after every call to ensure that you receive all of
+    #   your results.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] marker
+    #   When `IsTruncated` is `true`, this element is present and contains
+    #   the value to use for the `Marker` parameter in a subsequent
+    #   pagination request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListRoleTagsResponse AWS API Documentation
+    #
+    class ListRoleTagsResponse < Struct.new(
+      :tags,
+      :is_truncated,
+      :marker)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListRolesRequest
     #   data as a hash:
     #
@@ -5783,6 +5928,88 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListUserTagsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         user_name: "existingUserNameType", # required
+    #         marker: "markerType",
+    #         max_items: 1,
+    #       }
+    #
+    # @!attribute [rw] user_name
+    #   The name of the IAM user whose tags you want to see.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter only when paginating results and only after you
+    #   receive a response indicating that the results are truncated. Set it
+    #   to the value of the `Marker` element in the response to indicate
+    #   where the next call should start.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_items
+    #   (Optional) Use this only when paginating results to indicate the
+    #   maximum number of items that you want in the response. If additional
+    #   items exist beyond the maximum that you specify, the `IsTruncated`
+    #   response element is `true`.
+    #
+    #   If you do not include this parameter, it defaults to 100. Note that
+    #   IAM might return fewer results, even when more results are
+    #   available. In that case, the `IsTruncated` response element returns
+    #   `true`, and `Marker` contains a value to include in the subsequent
+    #   call that tells the service where to continue from.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUserTagsRequest AWS API Documentation
+    #
+    class ListUserTagsRequest < Struct.new(
+      :user_name,
+      :marker,
+      :max_items)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] tags
+    #   The list of tags that are currently attached to the user. Each tag
+    #   consists of a key name and an associated value. If no tags are
+    #   attached to the specified user, the response contains an empty list.
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] is_truncated
+    #   A flag that indicates whether there are more items to return. If
+    #   your results were truncated, you can use the `Marker` request
+    #   parameter to make a subsequent pagination request that retrieves
+    #   more items. Note that IAM might return fewer than the `MaxItems`
+    #   number of results even when more results are available. Check
+    #   `IsTruncated` after every call to ensure that you receive all of
+    #   your results.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] marker
+    #   When `IsTruncated` is `true`, this element is present and contains
+    #   the value to use for the `Marker` parameter in a subsequent
+    #   pagination request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ListUserTagsResponse AWS API Documentation
+    #
+    class ListUserTagsResponse < Struct.new(
+      :tags,
+      :is_truncated,
+      :marker)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListUsersRequest
     #   data as a hash:
     #
@@ -7168,6 +7395,16 @@ module Aws::IAM
     #   A description of the role that you provide.
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are attached to the specified role. For more
+    #   information about tagging, see [Tagging IAM Identities][1] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @!attribute [rw] max_session_duration
     #   The maximum session duration (in seconds) for the specified role.
     #   Anyone who uses the AWS CLI or API to assume the role can specify
@@ -7197,6 +7434,7 @@ module Aws::IAM
       :create_date,
       :assume_role_policy_document,
       :description,
+      :tags,
       :max_session_duration,
       :permissions_boundary)
       include Aws::Structure
@@ -7270,6 +7508,16 @@ module Aws::IAM
     #   the role's access (permissions) policies.
     #   @return [Array<Types::AttachedPolicy>]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are attached to the specified role. For more
+    #   information about tagging, see [Tagging IAM Identities][1] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @!attribute [rw] permissions_boundary
     #   The ARN of the policy used to set the permissions boundary for the
     #   role.
@@ -7294,6 +7542,7 @@ module Aws::IAM
       :instance_profile_list,
       :role_policy_list,
       :attached_managed_policies,
+      :tags,
       :permissions_boundary)
       include Aws::Structure
     end
@@ -8224,6 +8473,199 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # A structure that represents user-provided metadata that can be
+    # associated with a resource such as an IAM user or role. For more
+    # information about tagging, see [Tagging IAM Identities][1] in the *IAM
+    # User Guide*.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #
+    # @note When making an API call, you may pass Tag
+    #   data as a hash:
+    #
+    #       {
+    #         key: "tagKeyType", # required
+    #         value: "tagValueType", # required
+    #       }
+    #
+    # @!attribute [rw] key
+    #   The key name that can be used to look up or retrieve the associated
+    #   value. For example, `Department` or `Cost Center` are common
+    #   choices.
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   The value associated with this tag. For example, tags with a key
+    #   name of `Department` could have values such as `Human Resources`,
+    #   `Accounting`, and `Support`. Tags with a key name of `Cost Center`
+    #   might have values that consist of the number associated with the
+    #   different cost centers in your company. Typically, many resources
+    #   have tags with the same key name but with different values.
+    #
+    #   <note markdown="1"> AWS always interprets the tag `Value` as a single string. If you
+    #   need to store an array, you can store comma-separated values in the
+    #   string. However, you must interpret the value in your code.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/Tag AWS API Documentation
+    #
+    class Tag < Struct.new(
+      :key,
+      :value)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass TagRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         role_name: "roleNameType", # required
+    #         tags: [ # required
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] role_name
+    #   The name of the role that you want to add tags to.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: \_+=,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The list of tags that you want to attach to the role. Each tag
+    #   consists of a key name and an associated value. You can specify this
+    #   with a JSON string.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagRoleRequest AWS API Documentation
+    #
+    class TagRoleRequest < Struct.new(
+      :role_name,
+      :tags)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass TagUserRequest
+    #   data as a hash:
+    #
+    #       {
+    #         user_name: "existingUserNameType", # required
+    #         tags: [ # required
+    #           {
+    #             key: "tagKeyType", # required
+    #             value: "tagValueType", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] user_name
+    #   The name of the user that you want to add tags to.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The list of tags that you want to attach to the user. Each tag
+    #   consists of a key name and an associated value.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TagUserRequest AWS API Documentation
+    #
+    class TagUserRequest < Struct.new(
+      :user_name,
+      :tags)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass UntagRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         role_name: "roleNameType", # required
+    #         tag_keys: ["tagKeyType"], # required
+    #       }
+    #
+    # @!attribute [rw] role_name
+    #   The name of the IAM role from which you want to remove tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: \_+=,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_keys
+    #   A list of key names as a simple array of strings. The tags with
+    #   matching keys are removed from the specified role.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagRoleRequest AWS API Documentation
+    #
+    class UntagRoleRequest < Struct.new(
+      :role_name,
+      :tag_keys)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass UntagUserRequest
+    #   data as a hash:
+    #
+    #       {
+    #         user_name: "existingUserNameType", # required
+    #         tag_keys: ["tagKeyType"], # required
+    #       }
+    #
+    # @!attribute [rw] user_name
+    #   The name of the IAM user from which you want to remove tags.
+    #
+    #   This parameter accepts (through its [regex pattern][1]) a string of
+    #   characters that consist of upper and lowercase alphanumeric
+    #   characters with no spaces. You can also include any of the following
+    #   characters: =,.@-
+    #
+    #
+    #
+    #   [1]: http://wikipedia.org/wiki/regex
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_keys
+    #   A list of key names as a simple array of strings. The tags with
+    #   matching keys are removed from the specified user.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UntagUserRequest AWS API Documentation
+    #
+    class UntagUserRequest < Struct.new(
+      :user_name,
+      :tag_keys)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateAccessKeyRequest
     #   data as a hash:
     #
@@ -9354,6 +9796,16 @@ module Aws::IAM
     #   [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html
     #   @return [Time]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are associated with the specified user. For more
+    #   information about tagging, see [Tagging IAM Identities][1] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @!attribute [rw] permissions_boundary
     #   The ARN of the policy used to set the permissions boundary for the
     #   user.
@@ -9375,6 +9827,7 @@ module Aws::IAM
       :arn,
       :create_date,
       :password_last_used,
+      :tags,
       :permissions_boundary)
       include Aws::Structure
     end
@@ -9441,6 +9894,16 @@ module Aws::IAM
     #   A list of the managed policies attached to the user.
     #   @return [Array<Types::AttachedPolicy>]
     #
+    # @!attribute [rw] tags
+    #   A list of tags that are associated with the specified user. For more
+    #   information about tagging, see [Tagging IAM Identities][1] in the
+    #   *IAM User Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    #   @return [Array<Types::Tag>]
+    #
     # @!attribute [rw] permissions_boundary
     #   The ARN of the policy used to set the permissions boundary for the
     #   user.
@@ -9464,6 +9927,7 @@ module Aws::IAM
       :user_policy_list,
       :group_list,
       :attached_managed_policies,
+      :tags,
       :permissions_boundary)
       include Aws::Structure
     end